UnitedHealth has revealed that 190 million Individuals had their private and healthcare information stolen within the Change Healthcare ransomware assault, practically doubling the beforehand disclosed determine.
In October, UnitedHealth reported to the US Division of Well being and Human Companies Workplace for Civil Rights that the assault affected 100 million individuals. Nevertheless, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the determine has practically doubled to 190 million.
“Change Healthcare has decided the estimated whole variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” UnitedHealth Group informed TechCrunch.
“The overwhelming majority of these individuals have already been supplied particular person or substitute discover. The ultimate quantity shall be confirmed and filed with the Workplace for Civil Rights at a later date.”
Whereas UnitedHealth says that there are not any indications that the menace actors have misused the stolen information, the sheer amount of delicate data stolen within the assault is very large.
This stolen information contains sufferers’ medical health insurance data, medical information, billing and fee data, and delicate private data, similar to telephone numbers, addresses, and, in some instances, Social Safety Numbers and authorities ID numbers.
The ransomware assault on UnitedHealth’s subsidiary, Change Healthcare, is the biggest healthcare information breach in US historical past.
The Change Healthcare ransomware assault
In February 2024, UnitedHealth subsidiary Change Healthcare suffered an enormous ransomware assault, resulting in widespread disruption to america healthcare system.
This disruption prevented docs and pharmacies from submitting claims and pharmacies from accepting low cost prescription playing cards, inflicting sufferers to pay full value for medicines.
It was later discovered that the BlackCat ransomware gang, aka ALPHV, was behind the assault. The menace actors used stolen credentials to breach the corporate’s Citrix distant entry service, which didn’t have multi-factor authentication enabled.
After breaching the community, the menace actors stole 6 TB of information and encrypted computer systems, inflicting the corporate to close down IT programs and its on-line platforms for billing, claims, and prescription achievement.
The UnitedHealth Group later confirmed it paid a ransom to obtain a decryptor and to forestall the menace actors from publicly releasing the stolen information. This ransom fee was allegedly $22 million, in line with the BlackCat ransomware affiliate who performed the assault.
This ransom fee was alleged to be cut up between the affiliate and the ransomware operators, however the BlackCat out of the blue shut down in an exit rip-off, stealing your entire fee for themselves.
That is the place it bought worse for UnitedHealth, because the menace actor behind the assault said that they didn’t delete the stolen information as promised.
The attacker then partnered with a brand new ransomware operation named RansomHub and started leaking a few of the stolen information, demanding an extra fee for the information to not be launched.
Just a few days later, the Change Healthcare entry on RansomHub’s information leak web site mysteriously disappeared, indicating that United Well being possible paid a second ransom demand.
UnitedHealth mentioned in April that the Change Healthcare ransomware assault brought on $872 million in losses, which elevated as a part of the Q3 2024 earnings to an anticipated $2.45 billion for the 9 months to September 30, 2024,